CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2023/08/22 12:0 a.m.•2 views

Geomatika IsiGeo Web SQL注入漏洞

Geomatika IsiGeo Web is Geomatika's geographic information system GIS software for the collection, management, analysis, and visualization of geospatial data. A security vulnerability exists in Geomatika IsiGeo Web version 6.0, which originates from a vulnerability that allows an authenticated...

6.5CVSS6.8AI score0.00157EPSS

Exploits1References4

CNNVD•added 2023/08/22 12:0 a.m.•3 views

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞

6.5CVSS6.7AI score0.00221EPSS

CNNVD•added 2023/08/22 12:0 a.m.•2 views

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞

8.1CVSS7.9AI score0.00137EPSS

Positive Technologies•added 2023/08/20 12:0 a.m.•2 views

PT-2023-29215 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue has been found in the SourceCodester Inventory Management System, affecting an unknown functionality of the file app/ajax/search sales report.php. The...

9.8CVSS7AI score0.00066EPSS

Exploits0References6

CNNVD•added 2023/08/14 12:0 a.m.•2 views

Mitel MiVoice Office 400 SMB Controller SQL Injection Vulnerability

The Mitel MiVoice Office 400 SMB Controller is an SMB controller from Mitel Canada. A security vulnerability exists in Mitel MiVoice Office 400 SMB Controller version 1.2.5.23, which originated from a vulnerability that could allow a malicious attacker to access sensitive information and perform...

9.8CVSS6.6AI score0.00341EPSS

CNNVD•added 2023/08/14 12:0 a.m.•1 views

novel-plus SQL注入漏洞

novel-plus is a multi-end PC, WAP reading and functional original literary CMS system. A SQL injection vulnerability exists in novel-plus version v3.6.2. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this...

9.8CVSS8.2AI score0.00377EPSS

Exploits0References4

BDU FSTEC•added 2023/08/11 12:0 a.m.•1 views

The vulnerability of component B1i Layer of the SAP Business One resource management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of component B1i Layer in the SAP Business One resource management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely gain access to read, modify, or delete data by sending...

7.1CVSS7.3AI score0.00287EPSS

Exploits0References4Affected Software1

CNNVD•added 2023/08/10 12:0 a.m.•4 views

iCMS SQL Injection Vulnerability

iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS v7.0.16, which is caused by a SQL injection vulnerability discovered via the bakupdata function...

9.8CVSS8.1AI score0.00092EPSS

Exploits0References5

Positive Technologies•added 2023/08/10 12:0 a.m.•2 views

PT-2023-25782 · Code Projects · Code-Projects Hospital Management System

Name of the Vulnerable Software and Affected Versions: Code-Projects Online Hospital Management System version 1.0 Description: The issue allows an attacker to manipulate SQL queries executed by the application due to a failure in properly validating user-supplied input in the login id and passwo...

9.8CVSS7.8AI score0.00092EPSS

Exploits1References6

OSV•added 2023/08/09 7:15 p.m.•1 views

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 7:15 p.m.•2 views

CVE-2022-48602

A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS5.9AI score0.00104EPSS

OSV•added 2023/08/09 7:15 p.m.•3 views

CVE-2022-48599

A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 7:15 p.m.•1 views

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 6:15 p.m.•1 views

CVE-2022-48587

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 6:15 p.m.•2 views

CVE-2022-48590

A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...